Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery
|
|
- Augusta Gregory
- 8 years ago
- Views:
Transcription
1 Today s Topics Introduction to Data Privacy & ediscovery General Overview Data Privacy in the United States Data Privacy in Foreign Countries Intersection of Data Privacy & ediscovery Preservation of Data Collection of Data Transfer of Data to Law Firm or Vendor Hosting of Data by Law Firm or Vendor Production of Data to Requesting Party Return or Destruction of Data 1 Data Privacy & ediscovery
2 Introduction to Data Privacy & ediscovery Understanding What Data Privacy Means is Critical to Ensuring the ediscovery Process Properly Protects Personal Information Data privacy refers to the appropriate use of personal information under the circumstances. What is personal information? Sensitive information Personally Identifiable Information (PII) Protected Health Information (PHI) Non-public personal financial information (NPPI) 2 Data Privacy & ediscovery
3 Introduction to Data Privacy & ediscovery Personal Information May Include a Wide Variety of Categories Name, gender, age and date of birth Marital status, citizenship, nationality, race, political opinion, religious beliefs Health information Veteran status, disabled status Personal address, phone number, address, social media Business address, phone number, address, social media Internal identification numbers Government-issued identification numbers Social Security number, driver s license, passport 3 Data Privacy & ediscovery
4 Introduction to Data Privacy & ediscovery Organizations are Required by Law to Protect Personal Information, but Privacy Laws Differ Among Jurisdictions In the United States, privacy laws focus on consumer protection Health, human resources, financial, education, government identifiers, online and ecommunications Presumption that the organization can use personal information unless that use is harmful or prohibited by sector-based law In many foreign countries, in particular in the European Union, data privacy is a human right Scope of what is considered personal information may be much broader than in the United States Presumption is that use of personal information is prohibited unless certain conditions are met 4 Data Privacy & ediscovery
5 Introduction to Data Privacy & ediscovery In the United States, There are a Variety of Federal and State Laws and a Variety of Government or Self-Regulatory Agencies Relevant to Data Privacy Examples of Federal & State Laws Gramm-Leach-Bliley Act (GLB Act) Right to Financial Privacy Act (RFPA) Health Insurance Portability and Accountability Act (HIPAA) & Health Information Technology for Economic & Clinical Health (HITECH) Act Children s Online Protection Act (COPA) Electronic Communications Privacy Act State Privacy and Security Breach Laws State Data Transfer Laws Examples of Relevant Regulators /Self- Regulatory Regimes Federal Trade Commission (FTC) Federal Communications Commission (FCC) Department of Commerce Consumer Financial Protection Bureau (CFPB) Department of Transportation (DOT) Securities and Exchange Commission (SEC) Office of the Comptroller of the Currency (OCC) Federal Reserve Federal & State Attorneys General Payment Card Industry Data Security Standards (PCI DSS) 5 Data Privacy & ediscovery
6 Introduction to Data Privacy & ediscovery United States Discovery Rules Assume that Relevant Personal or Private Information Must be Produced in Response to Document Requests Federal Rule of Civil Procedure 26 & State analogs recognize that protections may be necessary for certain types of data, including personal information or business sensitive information Consideration must be given to whether personal information is relevant to the litigation/investigation Protective orders are often used to ensure the protection of personal or private information in discovery U.S. courts have not been willing to excuse production based on foreign data protection laws or blocking statutes 6 Data Privacy & ediscovery
7 Introduction to Data Privacy & ediscovery In Foreign Jurisdictions, There are Different Types of Laws that Relate to Data Privacy and May Impact ediscovery Data Protection Laws: Laws designed to protect privacy in some jurisdictions they cover broader categories of data than U.S. privacy laws Blocking Statutes: Laws designed to protect sovereignty, and shield foreign nationals from intrusive U.S.-style litigation Others: State Secret Laws, Bank Secrecy Laws, etc. 7 Data Privacy & ediscovery
8 Introduction to Data Privacy & ediscovery In the European Union, Each Country s Data Protection Laws Must Comply with the 1995 Data Protection Directive (Currently Under Review) Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to processing of personal data Directive restricts the processing and transfer of personal data These terms are broadly defined Provides for notice to affected employees, including target of an investigation The EU Data Protection Directive binds member-states, and each EU member state implements its own data protection laws 8 Data Privacy & ediscovery
9 Introduction to Data Privacy & ediscovery Data Protection Laws or Blocking Statutes May Severely Restrict Whether and How Data May be Transferred to the United States in Response to Requests for Production Possible steps to permit transfer of data Elimination of personal data from set transferred Use of safe harbor vendors Model contracts/strict protective orders Hague Evidence Convention Blocking statutes may prohibit the transfer of data to the United States in response to litigation requests and may require appeal to foreign courts 9 Data Privacy & ediscovery
10 Introduction to Data Privacy & ediscovery Many Countries Outside the United States and the European Union Have Implemented Their Own Data Protection Laws Outside the EU, data protection law is rapidly evolving, and the EU Directive is a leading model For example, there are data protection laws in Asia (e.g., South Korea, Hong Kong and Taiwan) and South America (e.g., Peru, Argentina) There are also other foreign laws that may be obstacles to discovery. For example: People s Republic of China State Secrets Protection Banking Secrecy Laws in Singapore and Switzerland 10 Data Privacy & ediscovery
11 Intersection of Data Privacy & ediscovery Protecting Personal Information Retained by an Organization Requires Understanding how Data Privacy and ediscovery Intersect Data privacy concerns are often overlooked in litigations/investigations At each stage of the litigation/investigation life cycle, there may be an impact on: Data privacy Data security Protection of business sensitive information (BSI), e.g., intellectual property, non-disclosure agreements, commercially important information Effective management of information during the litigation/ investigation life cycle is critical to maintaining compliance with data privacy obligations, protecting an organization s valuable information, and safeguarding an organization s reputation 11 Data Privacy & ediscovery
12 Intersection of Data Privacy & ediscovery Preservation of Data Retaining data longer than record retention policies require may implicate data privacy obligations Can be considered processing under Data Protection Laws Preserve-in-place v. segregation of data for preservation may impact data security Legal holds to U.S. employees may be different than legal holds sent to non-u.s. employees Notice and consent required? 12 Data Privacy & ediscovery
13 Intersection of Data Privacy & ediscovery Collection of Data Understanding of where personal or private information may reside within the organization before collection Coordination between Legal and Data Privacy professionals Collection By Organization vs. By Outside Vendor Collection Manually vs. Use of Technology By Data Source vs. By Relevance How is data transferred within the organization? Notice and consent required? 13 Data Privacy & ediscovery
14 Intersection of Data Privacy & ediscovery Transferring Data to Law Firm or Vendor Communicating data privacy issues to Law Firm and Vendor Maintaining an audit trail and chain-of-custody Ensuring adequate protections are in place, e.g., encryption or mode of transfer (UPS, hand delivery, etc.) Consider taking additional protective measures prior to transferring any data located overseas to the United States Early filtering to minimize quantity of personal data involved Redaction/anonymization On-site/in-country review Notice and consent? 14 Data Privacy & ediscovery
15 Intersection of Data Privacy & ediscovery Hosting of Data by Law Firm or Vendor Traditionally, ediscovery vendor selection and contracting not subject to scrutiny Remember: if ediscovery vendor discloses data, the organization may be liable Treat ediscovery services as important to the organization and plan accordingly Terms of Engagement Adequate security Audit rights Indemnifications Limits of Liability Special requirements for certain data Notice and consent? 15 Data Privacy & ediscovery
16 Intersection of Data Privacy & ediscovery Production of Data to Requesting Party To Government Agency Request for confidentiality (e.g., FOIA) Special requests for private data Consider coordination with foreign governments, where applicable Redaction is not legally required to produce? To Plaintiff s/requestors Law Firm Communicate data privacy issues and risks associated with production Protective Orders 16 Data Privacy & ediscovery Attorneys Eyes Only Special Storage Requirements Redaction if not legally required to produce? Notice and consent?
17 Intersection of Data Privacy & ediscovery Return or Destruction of Data By Law Firm or Vendor Include in engagement letters or contracts Legal obligation and practical ability Ability to audit compliance By Requesting Party Include in protective orders Legal obligation and practical ability Ability to audit compliance Notice and consent? 17 Data Privacy & ediscovery
18 Questions? 18 Data Privacy & ediscovery
Data Privacy Considerations When Conducting E-Discovery
Data Privacy Considerations When Conducting E-Discovery Therese Craparo Anthony J. Diana Rebecca Kahan Paul Chandler May 17, 2011 MayerBrown is a globallegalservices organisationcomprisinglegalpracticesthatareseparate
More informationThe Importance of Privacy & Data Security in a Changing World
Cyber, PrivaCy & Data SeCurity 360 www.mpplaw.com about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but
More informationClients Legal Needs in HIPAA Security Compliance
Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationGlobal Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister
2011 Morrison & Foerster LLP All Rights Reserved mofo.com Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister Presenter Miriam Wugmeister Morrison & Foerster LLP New York
More informationTHE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS
THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS Data Law Group, P.C. Kari Kelly Deborah Shinbein YOU CAN T OUTSOURCE COMPLIANCE! Various statutes and regulations govern
More informationHarnessing The Cloud: Managing Risks and Governance in a Cloud Environment Russell G. Weiss November 9, 2011
2011 Morrison & Foerster LLP All Rights Reserved mofo.com Harnessing The Cloud: Managing Risks and Governance in a Cloud Environment Russell G. Weiss November 9, 2011 Presenter Russell Rusty Weiss Partner
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationImplementing Privacy Compliant Hybrid Cloud Solutions
Implementing Privacy Compliant Hybrid Cloud Solutions SESSION ID: DSP-T07A Peter J Reid Privacy Officer, Enterprise Business Hewlett-Packard Company Historical IT Outsourcing Perspective Cloud Web 2.0
More informationCSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
More informationManaging your data processors: legal requirements and practical solutions
Managing your data processors: legal requirements and practical solutions Peggy Eisenhauer Privacy & Information Management Services This article has been published in the August 2007 issue of BNAI s World
More informationTaking a Data-Centric Approach to Security in the Cloud
Taking a Data-Centric Approach to Security in the Cloud Bob West Chief Trust Officer CipherCloud 2014 CipherCloud All rights reserved 1 Taking a Data-Centric Approach to Cloud Data Protection Bob West
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationHealth Partners HIPAA Business Associate Agreement
Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS
More informationThe Hidden Risks: Managing Risks in Outsourcing Relationships. Bruce Jones Global IT Security, Compliance & Risk Manager Eastman Kodak Company
The Hidden Risks: Managing Risks in Outsourcing Relationships Brian O Connor Chief Security & Privacy Officer Eastman Kodak Company Bruce Jones Global IT Security, Compliance & Risk Manager Eastman Kodak
More informationSecurity in Fax: Minimizing Breaches and Compliance Risks
Security in Fax: Minimizing Breaches and Compliance Risks Maintaining regulatory compliance is a major business issue facing organizations around the world. The need to secure, track and store information
More informationFORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT
FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and
More informationUNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):
UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,
More informationThis form may not be modified without prior approval from the Department of Justice.
This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate
More informationData Privacy and Security: A Primer for Law Firms
Data Privacy and Security: A Primer for Law Firms All We Do Is Work. Workplace Law. In four time zones and 46 major locations coast to coast. www.jacksonlewis.com JACKSON LEWIS SERVING THE DIVERSE NEEDS
More informationThe Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor
The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationCloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC Disclaimer THIS PRESENTATION IS TO ASSIST IN A GENERAL
More informationPage 1 of 15. VISC Third Party Guideline
Page 1 of 15 VISC Third Party Guideline REVISION CONTROL Document Title: Author: File Reference: VISC Third Party Guidelines Andru Luvisi CSU Information Security Managing Third Parties policy Revision
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationTOOLBOX. ABA Financial Privacy
ABA Financial Privacy TOOLBOX This tool will help ensure that privacy remains a core value in all corners of your institution. The success of your privacy program depends upon your board s and your management
More informationwhat your business needs to do about the new HIPAA rules
what your business needs to do about the new HIPAA rules Whether you are an employer that provides health insurance for your employees, a business in the growing health care industry, or a hospital or
More informationAppendix : Business Associate Agreement
I. Authority: Pursuant to 45 C.F.R. 164.502(e), the Indian Health Service (IHS), as a covered entity, is required to enter into an agreement with a business associate, as defined by 45 C.F.R. 160.103,
More informationPan-Pacific Data Privacy Laws & Regulations: Impact on U.S. E-Discovery and Investigations
Pan-Pacific Data Privacy Laws & Regulations: Impact on U.S. E-Discovery and Investigations Mukesh Advani, Esq., Advisory Board Member, UBIC North America, Inc. UBIC North America, Inc. 3 Lagoon Dr., Ste.
More informationPRIVACY IMPACT ASSESSMENT
PRIVACY IMPACT ASSESSMENT Outsourced Litigation Support Services September 2013 FDIC External Service Table of Contents System Overview Personally Identifiable Information (PII) in OLSS Purpose & Use of
More informationWELCOME. Data Security Seminar November 7, 2012
WELCOME Data Security Seminar November 7, 2012 Data Security Seminar Technology, Legal and Risk Management Roundtable November 7, 2012 Chris Watson, MBA, CISA, CRISC Internal Audit and Risk Advisory Services
More informationBENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT
BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) dated as of the signature below, (the Effective Date ), is entered into by and between the signing organization
More informationI. Introduction to Privacy: Common Principles and Approaches
I. Introduction to Privacy: Common Principles and Approaches A. A Modern History of Privacy a. Descriptions and definitions b. Historical and social origins c. Information types i. Personal and non-personal
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationProtecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)
Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting
More informationCloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.
Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity Amy Mushahwar, Esq. What s New? Not That Much. Some have their heads in the cloud we prefer to stay down in the weeds and know
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,
More informationSELECTED LEGAL ISSUES
SELECTED LEGAL ISSUES OF CLOUD COMPUTING Geneva, June 26, 2014 Internet Law Summer School Michel Jaccard Juliette Ancelle id est avocats, Lausanne www.idest.pro @idestavocats 1 What is «cloud computing»?
More informationManaging Electronic Data in FCPA Investigations
Managing Electronic Data in FCPA Investigations Michael Lackey, Jr. James T. Parkinson Joseph R. Baker Mayer Brown LLP Todd M. Haley epic Legal Document Solutions LLC John Tredennick Catalyst Repository
More informationTilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen
Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an
More informationEXHIBIT C BUSINESS ASSOCIATE AGREEMENT
EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date
More informationPrivacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies. Privacy Committee Web 2.0/Cloud Computing Subcommittee
Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies Privacy Committee Web 2.0/Cloud Computing Subcommittee August 2010 Introduction Good privacy practices are a key
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
More informationData Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015
Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security
More informationPrivacy and Data Breach Issues
15-013 Privacy and Data Breach Issues Konstantin Dino Tsibouris Founding Principal Tsibouris & Associates Columbus, Ohio Kirk Herath Associate General Counsel Nationwide Insurance Columbus, Ohio Table
More informationTHE ACC, MID-AMERICA CHAPTER Mutual of Omaha Insurance Co. Omaha, NE
1 1 WEDNESDAY May 18 THE ACC, MID-AMERICA CHAPTER Mutual of Omaha Insurance Co. Omaha, NE 12:00 PM LAURA CLARK FEY, Esq., CIPP/US, CIPP/E, CIPM Fey LLC, Leawood, KS Agenda 2 BYOD Stats Legal Risks Associated
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( BA Agreement ) amends, supplements, and is made a part of the Agreement ( Agreement ) entered with Client ( CLIENT ) and International
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationE-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:
More informationInternational Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States
International Investigations: Issues to Consider When Conducting or Defending Against an FCPA Investigation Outside the United States Presentation to: Ninth Annual Pharmaceutical Regulatory and Compliance
More informationLegal Aspects of Cloud Computing. Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird)
Legal Aspects of Cloud Computing Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird) Agenda Cloud Computing Overview Role Play on Hot Topics SAAS versus on-premise software licensing
More informationInformation Security Law: Control of Digital Assets.
Brochure More information from http://www.researchandmarkets.com/reports/2128523/ Information Security Law: Control of Digital Assets. Description: For most organizations, an effective information security
More informationDOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS
Overview. DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS A comprehensive and consistently applied document retention policy is necessary to reduce the risk of being charged with spoliation
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationRight to Financial Privacy Act
Background The Right to Financial Privacy Act of 1978 was enacted to provide the financial records of financial institution customers a reasonable amount of privacy from federal government scrutiny. The
More informationBusiness Conduct, Compliance and Ethics Program. important
Business Conduct, Compliance and Ethics Program important Table of Contents Letter from Troy Kirchenbauer As healthcare s first online direct contracting market, aptitude is committed to upholding the
More informationHIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations
HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations Health Care Litigation Webinar Series March 22, 2012 Spence Pryor Paula Stannard Jason Popp 1 HIPAA/HITECH
More informationOnline Lead Generation: Data Security Best Practices
Online Lead Generation: Data Security Best Practices Released September 2009 The IAB Online Lead Generation Committee has developed these Best Practices. About the IAB Online Lead Generation Committee:
More informationMASSIVE NETWORKS Online Backup Compliance Guidelines... 1. Sarbanes-Oxley (SOX)... 2. SOX Requirements... 2
MASSIVE NETWORKS Online Backup Compliance Guidelines Last updated: Sunday, November 13 th, 2011 Contents MASSIVE NETWORKS Online Backup Compliance Guidelines... 1 Sarbanes-Oxley (SOX)... 2 SOX Requirements...
More informationTop 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World
Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationModel Business Associate Agreement
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
More informationLegal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev
Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms v2.18.11, rev 1 Presenters Joseph DeMarco, Partner DeVore & DeMarco, LLP Lauren Shy, Assistant General Counsel Fragomen,
More informationRequirements for Technology Outsourcing
Requirements for Technology Outsourcing Table of Contents Revision History... 3 Overview... 4 Service Provider Selection... 5 Service Delivery Models... 5 Legal Considerations... 5 Security Assessments...
More informationHIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com
HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health
More informationBusiness Associate Agreement (BAA) Guidance
Business Associate Agreement (BAA) Guidance Introduction The purpose of this document is to provide guidance for creating or updating business associate agreements between your Practice ( Covered Entity
More informationInformation for Agents and Brokers Regarding the HIPAA Business Associate Agreement
Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement You may be aware that the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) requires health plans
More informationTHE DATA BREACH: How to stay defensible before, during and after the incident. after the incident.
THE DATA BREACH: How to stay defensible before, during and after the incident. after the incident. September 22, 2015 Erica Ouellette Beazley Technology, Media & Business Services Alyson Newton, Executive
More informationCyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012
Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 David Chatfield, Vice President, Cyber Security Services, NetDiligence Linda Clark, Esq., U.S. Senior
More informationPII = Personally Identifiable Information
PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
More informationSocial Marketing & Liability
Social Marketing & Liability Fred E. Karlinsky, Esq. Co-Chair, Insurance Regulatory & Transactions Practice Shareholder, Greenberg Traurig Louisiana Insurers Conference Insurance Compliance Seminar August
More informationThe benefits you need... from the name you know and trust
The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices
More informationInternational ediscovery. When Cyber Workspaces Collide with U.S. Litigation. May 1, 2012
International ediscovery When Cyber Workspaces Collide with U.S. Litigation May 1, 2012 Continuing Education Information We have applied for one hour of California, Minnesota, Texas and Virginia CLE and
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationBUSINESS ASSOCIATE ADDENDUM
BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate
More informationDRAFT BILL PROPOSITION
DRAFT BILL PROPOSITION Establishes principles, guarantees, rights and obligations related to the use of the Internet in Brazil. THE NATIONAL CONGRESS decrees: CHAPTER I PRELIMINAR PROVISIONS Article 1.
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More informationImpact of Legal and Regulatory Compliance on Higher Education Information Security Management. Dan Han Virginia Commonwealth University
Impact of Legal and Regulatory Compliance on Higher Education Information Security Management Dan Han Virginia Commonwealth University A little about me Worked in IT for close to 15 years, with 12 years
More informationInternational E-Discovery E-Discovery vs. German Data Protection
International E-Discovery E-Discovery vs. German Data Protection ABA Tech Committee April 28 30, 2010 New York, LL.M. CMS Hasche Sigle Kranhaus 1 / Im Zollhafen 18 50678 Cologne Germany Tel: +49 221 7716-140
More informationSpecial Report The HITECH Act
Special Report The HITECH Act Privacy and Data Breach Notification Provision An Overview of the HITECH Act On February 17, 2009, President Obama signed into law the $787 billion stimulus package known
More informationUpdated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview
Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationData Breach, Electronic Health Records and Healthcare Reform
Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA
More informationHIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions
HIPAA BUSINESS ASSOCIATE ADDENDUM (Privacy & Security) I. Definitions A. Business Associate. Business Associate shall have the meaning given to such term under the Privacy and Security Rules, including,
More informationHIPAA Privacy and Business Associate Agreement
HR 2011-07 ATTACHMENT D HIPAA Privacy and Business Associate Agreement This Agreement is entered into this day of,, between [Employer] ( Employer ), acting on behalf of [Name of covered entity/plan(s)
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered between ("Covered Entity" or "CE") and, ("Business Associate" or "BA"), collectively the Parties, who agree as follows:
More informationHORRY COUNTY PRIVACY AND IDENTITY THEFT PREVENTION POLICY
HORRY COUNTY PRIVACY AND IDENTITY THEFT PREVENTION POLICY STEPS FOR YOUR DEPARTMENT TO COMPLY WITH POLICY AND THE LAW WHAT IS THE PURPOSE OF THIS POLICY? TO PROTECT THE PRIVACY OF RESIDENTS UTILIZING COUNTY
More informationPRIVACY IMPACT ASSESSMENT
PRIVACY IMPACT ASSESSMENT Electronic Litigation Support System June 2012 FDIC Internal System Table of Contents System Overview Personally Identifiable Information (PII) in ELS Purpose & Use of Information
More information12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
More informationFirstCarolinaCare Insurance Company Business Associate Agreement
FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance
More information